Hi Dmitri,
Hi everyone,
We are implementing the WebID-OIDC spec to authenticate our users.
We currently have two applications that we would like to authenticate via
WebID-OIDC :
- the JS app that is running in the browser
- the Prosody XMPP server
and probably more to come. This forces us to replicate steps 6 and 7 of the
spec <Deriving a WebID URI:> wherever the `ID token` validation happens.
*My question is : is it OK to implement a web service that will allow us to
factorize this code ? *
We could call that web service, passing it the `id token` and any relevant
parameters, and it would respond with the `webid` if the token was valid,
or with an explicit error message if it wasn't.
Sounds like a good idea to be but I might be missing something.
Your validation that this architecture would work and be WebID-OIDC
compliant would help us decide in which direction we go.
All the best !
--
Alexandre BOURLIER
06 51 71 08 21
https://happy-dev.fr <http://happy-dev.fr>
https://startinblox.com